Corey Edwards wrote:
> On Thu, 2005-12-29 at 19:58 -0700, Stephen Smith wrote:
>> iptables -A INPUT -s 192.168.1.x -d 10.0.0.1 -j DROP
>> iptables -A INPUT -s 192.168.1.x -p ALL -d 10.0.0.1 -j DROP
>> iptables -A INPUT -s 192.168.1.x -p tcp --dport 80 -j DROP
>> iptables -A INPUT -s 192.168.1.x -p tcp -m multiport --dports 80,8080,8008,443 -j DROP
>
> The filter table has 3 built-in chains, INPUT, OUTPUT and FORWARD. A
> packet will transit only one of these chains. INPUT is for packets which
> match an IP address of the box. OUTPUT is for packets generated locally
> and destined externally. FORWARD is for packets which are generated
> externally and are destined externally as well.
>
> So, you've asked iptables to filter traffic in INPUT when the packets
> will only be in FORWARD. You simply need a rule like this:
>
> # iptables -A FORWARD -s 192.168.1.x -j REJECT
>
> I prefer a REJECT in this case so that you get an immediate error on the
> win98 box rather than waiting for a timeout.
>
> Since this rule is in the FORWARD chain, it will have no effect on local
> traffic destined for this box. Those packets will be hitting the INPUT
> chain instead. It also won't affect any traffic which goes directly
> between the Win98 box and any other machine on the network since that
> will occur strictly between those two boxes and never involve the
> firewall.
>
> Corey
>
> ------------------------------------------------------------------------
> /*
> PLUG: http://plug.org, #utah on irc.freenode.net
> Unsubscribe: http://plug.org/mailman/options/plug
> Don't fear the penguin.
> */

You all are great, every suggestion worked. Thanks.
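The chain-selection rule Corey describes, modelled as an added Python example (not code from the thread): it runs the question's INPUT rules and the answer's FORWARD rule against a packet routed through the firewall and one addressed to the firewall itself. The firewall's own addresses, the Win98 host address and the external web server are constructed sample values.

```python
import ipaddress
from dataclasses import dataclass

LOCAL_ADDRS = {"192.168.1.1", "10.0.0.1"}  # constructed: the firewall's own LAN and upstream addresses
WIN98 = "192.168.1.50"  # constructed stand-in for the thread's "192.168.1.x"

@dataclass(frozen=True)
class Rule:
    chain: str                   # INPUT, OUTPUT or FORWARD
    target: str                  # ACCEPT, DROP or REJECT
    src: str = None              # -s, host or CIDR
    dst: str = None              # -d, host or CIDR
    proto: str = None            # -p
    dports: frozenset = frozenset()  # --dport / -m multiport --dports

def select_chain(src, dst):
    """Filter-table traversal: every packet passes exactly one of the three chains."""
    if dst in LOCAL_ADDRS:
        return "INPUT"     # addressed to the firewall itself
    if src in LOCAL_ADDRS:
        return "OUTPUT"    # generated by the firewall
    return "FORWARD"       # routed through: external source and external destination

def in_net(addr, spec):
    return spec is None or ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)

def matches(r, src, dst, proto, dport):
    if not (in_net(src, r.src) and in_net(dst, r.dst)) or r.proto not in (None, "all", proto):
        return False
    # As in iptables, port matches only apply to tcp/udp.
    return not r.dports or (proto in ("tcp", "udp") and dport in r.dports)

def verdict(rules, src, dst, proto="tcp", dport=80, policy="ACCEPT"):
    """Return (chain traversed, target of the first matching rule, else the chain policy)."""
    chain = select_chain(src, dst)
    for r in rules:
        if r.chain == chain and matches(r, src, dst, proto, dport):
            return chain, r.target
    return chain, policy

# The question's rules (INPUT chain) beside the answer's rule (FORWARD chain).
BROKEN = [Rule("INPUT", "DROP", src=WIN98, dst="10.0.0.1"),
          Rule("INPUT", "DROP", src=WIN98, proto="tcp", dports=frozenset({80, 8080, 8008, 443}))]
FIXED = [Rule("FORWARD", "REJECT", src=WIN98)]

if __name__ == "__main__":
    web = "203.0.113.9"  # constructed external web server
    print(verdict(BROKEN, WIN98, web))            # ('FORWARD', 'ACCEPT'): INPUT rules never see routed packets
    print(verdict(FIXED, WIN98, web))             # ('FORWARD', 'REJECT')
    print(verdict(FIXED, WIN98, "192.168.1.1"))   # ('INPUT', 'ACCEPT'): local traffic is untouched
```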